Re: POSSIBLE BREAK-IN in auth.log via ssh

2009-02-18 Thread Paul Tader
Raquel wrote: On Thu, 12 Feb 2009 19:40:16 +1100 Alex Samad wrote: this is ssh complaining about incorrect password being supplied, I presume you do not allow password authentication for root ! This is some script kiddie or mutant pc try brute attack against your sshd server, try fail2ban I

Re: POSSIBLE BREAK-IN in auth.log via ssh

2009-02-12 Thread Raquel
On Thu, 12 Feb 2009 19:40:16 +1100 Alex Samad wrote: > this is ssh complaining about incorrect password being supplied, I > presume you do not allow password authentication for root ! > > This is some script kiddie or mutant pc try brute attack against > your sshd server, try fail2ban I used to

Re: POSSIBLE BREAK-IN in auth.log via ssh

2009-02-12 Thread Nate Bargmann
* Kevin Philp [2009 Feb 12 05:25 -0600]: > 6. If it's convenient switch to a different port - the brute force > attackers just scan blocks of IP addresses at port 22 - if you are using > port 22 you are much less likely to be scanned. Perhaps you meant, "if you are _not_ using port 22 you are

Re: POSSIBLE BREAK-IN in auth.log via ssh

2009-02-12 Thread Kevin Philp
SSH brute force attacks are very common - we get several a week. There are various methods for stopping them - a summary is in: http://www.security-hacks.com/2007/05/23/protecting-against-ssh-brute-force-attacks I suggest the following: 1. configure ssh to block all users apart from those you

Re: POSSIBLE BREAK-IN in auth.log via ssh

2009-02-12 Thread Jochen Schulz
Norman Bird: > I decided to check the auth.log and started freaking out because I saw a lot > of POSSIBLE BREAK-IN lines. It says "possible break-in *attempt*". But either way, it is harmless. And, by the way: do you think a smart attacker who gained root on your machine would leave traces in the

Re: POSSIBLE BREAK-IN in auth.log via ssh

2009-02-12 Thread Alex Samad
On Thu, Feb 12, 2009 at 12:57:21AM -0500, Norman Bird wrote: > I decided to check the auth.log and started freaking out because I saw a lot > of POSSIBLE BREAK-IN lines. then I saw root logging in so I was panicking. > But as I really reviewed them it seems that the actual root logins were by > CRON

Re: possible break-in

1999-12-20 Thread Onno
At 06:15 PM 12/17/99 +0100, Robert Varga wrote: > >Last weekend we have a mysterious breakdown of one of our servers... > >It is on a leased line, fix ip, UPS. There was no powerouts. > >It has qmail, wu_ftpd, apache, sshd1, telnetd on it. It has all the >patches on security.debian.org. DNS is 8.2